Overview
Staff Application Security Engineer Jobs in San Francisco, California, USA at Grindr
Title: Staff Application Security Engineer
Company: Grindr
Location: San Francisco, California, USA
Type: Remote/Work from Home
Category: IT/Tech, Security
This is a hybrid role based in our Chicago or Bay Area Offices (San Francisco or Palo Alto) and will require you to be in the office on Tuesdays and Thursdays.
What’s so interesting about this role?
As a Staff Application Security Engineer at Grindr, you will be a key player in securing our platform, protecting millions of users, and ensuring best-in-class security practices. This role will elevate our application security strategy, leading efforts across web, mobile, and API security, while partnering with engineering teams to embed security into our development lifecycle.
You will architect and implement security tooling, drive DevSecOps initiatives, and act as a trusted advisor for application security across the organization. This is an opportunity to take Grindr’s security posture to the next level in a high-impact role.
What’s the job?
• Assess & Improve Security Posture – Partner with engineering teams to evaluate the security state of our applications (web, mobile, APIs), identify risks, prioritize security efforts, and drive remediation.
• Build & Deploy Security Tooling – Architect and manage security solutions, including SAST, DAST, and Fuzzing tools, integrating them seamlessly into our DevSecOps pipelines.
• Lead Secure SDLC Initiatives – Collaborate with developers to integrate security into CI/CD workflows, ensuring security is a core component of Grindr’s software development process.
• Security Culture & Stakeholder Collaboration – Work cross-functionally with product, engineering, compliance, and executive teams to ensure security is prioritized and embedded into the company’s DNA.
• Third-Party & Bug Bounty Programs – Manage security engagements with third-party organizations and oversee Grindr’s bug bounty program to identify and address vulnerabilities proactively.
• Incident Response & Threat Modeling – Contribute to security incident response, forensics, and threat modeling efforts, ensuring proactive risk mitigation.
• Mentor & Educate – Provide security guidance to engineers, conduct training sessions, and advocate for secure coding practices.
What we’ll love about you
• 8+ years of experience in Application Security, Software Security, or DevSecOps, with a focus on securing web, mobile, and cloud applications.
• Proficiency in security tooling – hands-on experience with SAST/DAST tools (e.g., SonarQube, Snyk, GitHub Advanced Security, Burp Suite, FFUF).
• Deep expertise in secure software development – Strong knowledge of OWASP Top 10, secure coding practices, and ability to conduct code reviews to identify security flaws.
• Cloud & Infrastructure Security – Experience securing cloud environments (AWS, GCP) and working with containerized architectures (Docker, Kubernetes) or similar.
• Strong leadership & communication skills – Ability to lead security initiatives, influence engineering teams, and communicate security risks effectively to technical and non-technical stakeholders.
• Experience with regulatory frameworks – Familiarity with SOX, GDPR, PCI, and SOC compliance and ability to ensure applications meet security and regulatory standards.
We’ll really swoon if you are/have
• Experience leading bug bounty programs …